Commit Graph

169 Commits

Author SHA1 Message Date
drduh bf05e0e7c4 Better backup and testing instructions 2019-05-18 17:47:13 -07:00
drduh a6bc874713 Increment debian image version 2019-04-30 12:03:19 -07:00
Simon A c5e1d96d84 fix(link): update links to latest version (old ones 404) 2019-04-25 17:53:55 +02:00
David Kane 5007059085
Fix link anchor issue
fix 'Save public key for identity file configuration' markdown link
fix 'Remote Machines (agent forwarding)' markdown link
2019-04-14 19:48:18 +01:00
Philipp Eckel 13c8fcf647
no need to support the monopoly 2019-03-19 00:30:03 +01:00
nixbitcoin 6d4035252a
Add Verify Yubikey section 2019-03-07 14:02:05 +01:00
Adam Uhlíř 3ed8f56557
Add hint for setting up gpg-agent socket
On my system (Linux Mint) `gpgconf --list-dirs agent-ssh-socket` does return all dirs and not only the one for agent-ssh-socket hence `ssh-add -L` was failing. This is a hint for other people to troubleshoot this behaviour.
2019-02-19 10:33:18 -08:00
Zachary Adam Kaplan e4cb903ef4
debian iso has change from 9.6.0 -> 9.7.0 2019-02-15 16:23:29 -08:00
drduh e05dc4b5bd Update license and formatting 2019-02-06 20:25:04 -08:00
Michael Käufl 457e22d473
Move install instructions to the top
Section `Creating keys` ends with `Disable networking for the
remainder of the setup.`.  All instructions that require a network
should be before this sentence.
2019-02-06 13:17:57 +01:00
drduh 303cb25d4d Update license year, style and grammar 2019-02-02 21:25:21 -08:00
drduh 3f4480db25 Update openbsd instructions 2019-02-02 21:08:39 -08:00
drduh 381088ba79
Merge pull request #92 from tacaswell/doc_arch_install
DOC: add install instructions for Arch linux and RHEL
2019-02-03 03:57:33 +00:00
Thomas A Caswell 7dbc05977e
DOC: update for packages to install on RHEL 2019-02-02 22:15:41 -05:00
Thomas A Caswell 9e7a3225ae
DOC: add install instructions for Arch linux 2019-02-02 22:11:09 -05:00
Wael M. Nasreddine 7115f9a385
Master key should have Certify-capability only! 2019-02-02 09:48:59 -08:00
Michael bba51c10cc
Fix typo
IdentityFiles can be passed to ssh via `-i`, not `-l`.
The next paragraph mentions the correct argument.

ref commit 52c8324fa2,
part of PR drduh/YubiKey-Guide#65
2019-01-20 18:48:59 +00:00
drduh 8ea5900d4e Style and console formatting, tips for multiple key use 2019-01-17 22:13:24 -08:00
wheest ee71716ed7 Added pull request suggestions 2019-01-12 17:05:21 +00:00
Wheest c28b33372c Moved Agent Forwarding section to before the WSL one 2019-01-07 22:00:27 +00:00
Wheest b44f6131ef Further amendments to Agent Forwarding 2019-01-07 21:58:14 +00:00
Wheest 7eed0ccef8 Improvements to Agent Forwarding section, following feedback in:
https://github.com/drduh/YubiKey-Guide/issues/85
2019-01-07 21:38:46 +00:00
drduh 3a872d40fe Fix keyserver command order to fix #86 2019-01-06 17:47:10 -08:00
Dan Cundiff 8f724a4df5
Add addition note about red hokey output 2019-01-06 19:35:03 -06:00
drduh 19b1297c22
Merge pull request #84 from hughobrien/mention-tmpfs
describe tmpfs clearing rather than init system (debian uses tmpfs)
2018-12-30 02:35:24 +00:00
drduh 3174935f99
Merge pull request #83 from hughobrien/gpg-conf-key-origin
remove broken gpg option (debian 9.6)
2018-12-30 02:34:25 +00:00
Hugh O'Brien a6431962a6 remove broken gpg option (debian 9.6)
As per [0], the --with-key-origin option is experimental.

0: https://www.gnupg.org/documentation/manuals/gnupg/GPG-Input-and-Output.html#index-with_002dkey_002dorigin
2018-12-29 20:12:09 +00:00
Hugh O'Brien 0f6e9948d7 mention debian-live user/pass in case of screen lock 2018-12-29 20:08:48 +00:00
Hugh O'Brien 80d5c0ed6c describe tmpfs clearing rather than init system (debian uses tmpfs) 2018-12-29 20:06:33 +00:00
drduh 94919459a6 Update gpg prefs, style and fix #21. 2018-12-27 20:26:37 -08:00
Matt T. Proud 7746c3381a Emphasize keytocard danger and fix inconsistency.
This commit applies a few editorial cleanups to the document:

  1. `keytocard` operations now contained emphasized warnings to convey
     that these operations are destructive.  I unknowingly made this
     mistake a few years ago and only learned of it recently.  For that
     reason, we should go out of our way on user's behalf with due
     diligence warnings.

  2. `$KEYID` was not uniformly used throughout the document in various
     command line input literals.  This is now fixed.

  3. `YubiKey` was often represented as `Yubikey` and other
     inconsistent forms throughout the document.  This is now fixed,
     except in cases of URL, command output, etc.
2018-12-07 09:50:30 +01:00
drduh a68fa27309
Merge pull request #79 from Wheest/master
Agent Forwarding
2018-12-05 17:10:07 +00:00
Wheest 4e23c63bb4
Agent Forwarding
Was looking at how to access on remote machines, is a standard ssh workflow, but might be useful to have it here too.
2018-12-05 16:02:37 +00:00
Brice Gagnage 86e03e6d09
final draft 2018-12-04 15:11:13 +01:00
Brice Gagnage ee30767612
final draft 2018-12-04 15:03:00 +01:00
Brice Gagnage ffd7b674c8
updated draft 2018-12-04 13:16:18 +01:00
Brice Gagnage 95624e2c48
first draft 2018-12-04 11:39:25 +01:00
Brice Gagnage 1c15d89a54
maow 2018-12-03 17:28:34 +01:00
Brice Gagnage 92467bc126
test 2018-12-03 17:19:45 +01:00
Brice Gagnage f39b92ae45
test sign 2018-12-03 17:17:09 +01:00
Brice Gagnage 2b5891294a
Update README.md
continuing
2018-12-03 15:00:04 +01:00
Brice Gagnage afc8580b0d
Update README.md
test
2018-12-03 13:54:40 +01:00
drduh d818b03cdc Grammar and lint. Fix #73. 2018-11-28 21:38:35 -08:00
Julian Hernandez 857adb26a2 Update live Debian version to 9.6.0 2018-11-28 22:54:41 -05:00
Dino Bajramovic 472d85d12b fix typo 2018-11-05 20:49:48 +01:00
drduh f1a97fc6d5 Note about gpg public key 2018-11-01 14:11:52 -07:00
loys ollivier 6f76e6a197
Update README.md
gpg option to edit card info is now `--card-edit` and not `--edit-card`
2018-10-29 11:59:29 +01:00
Ian Brown d02766389d
Add packages to apt-get list to fix gpg --recv and srm commands
Two commands mentioned later in the document won't work without two packages that don't come pre-installed with the Debian LiveCD:  dirmngr and secure-delete.
2018-10-16 21:00:48 -07:00
drduh 96af4d3b3b
Merge pull request #70 from jwilk-forks/gpg-verify
Fix live image integrity check
2018-09-18 19:40:19 -07:00
Jakub Wilk d7a14b078c Fix live image integrity check
"gpg SHA512SUMS.sign" would do the right thing only if the file actually
contained a detached signature.

Use explicit and robust "gpg --verify SHA512SUMS.sign SHA512SUMS"
instead.
2018-09-18 22:20:40 +02:00
Jakub Wilk 3be71bd253 Fix typos 2018-09-18 21:39:06 +02:00
drduh 27bef99239
Massive style revision and version update 2018-09-09 17:42:45 -07:00
Ben Low 34a5502477 typos 2018-07-19 12:55:33 +10:00
Ben Low 52c8324fa2 Expand on ssh identies usage. 2018-07-19 12:49:22 +10:00
Ben Low aad57241e9 Fix key label, consistency. 2018-07-18 18:24:06 +10:00
Ben Low b67776a2b2 Fix TOC, spelling. 2018-07-18 18:22:11 +10:00
Ben Low d33252848d Added information on `gpg-agent`. 2018-07-18 18:03:06 +10:00
Jonah Aragon 840b4069f2
Fix "signingkey" typo 2018-07-15 18:43:48 -07:00
Vadim Zendejas dad5bcd5fc
Added comment on GitHub Authetication for only Windows 2018-07-05 16:50:42 +02:00
Vadim Zendejas acfdcacec5
Added veracrypt.fr link to pre-compiled execs
Added veracrypt.fr link to pre-compiled execs
2018-07-05 12:57:57 +02:00
Mirko Pizii ad8cf8cd3a
Fix spaces for README 2018-06-21 20:40:24 +02:00
Mirko Pizii ee8fcb3805
Fix link of summary list 2018-06-21 20:20:16 +02:00
Wheest ecbe6e7b19
Fixing signature file fetch command for ykpers 2018-06-20 14:48:55 +01:00
drduh 25c8e23b8f
Emphasize live distro to fix #45 2018-06-16 14:06:45 -07:00
drduh a470da3af7
Update introduction, fix formatting and fix #46 2018-06-16 13:57:52 -07:00
drduh d07007a368
Fix up some formatting 2018-06-13 19:58:22 -07:00
drduh 254fd2c3d2
Formatting fix. 2018-06-05 10:08:02 -07:00
Jonathan Holtmann eadd3bb2f5
Fixed menu 2018-06-05 01:10:59 -04:00
Jonathan Holtmann ba382ce551
Added information on how to perform the YubiKey GPG setup and SSH authentication on Windows devices 2018-06-05 01:01:38 -04:00
drduh 478eb05de2
Mention Purse 2018-06-02 13:41:34 -07:00
drduh b9cd480f7a
Note on keeping backup mounted for 2xkeys. Fix #44 2018-04-29 18:50:54 -07:00
drduh fc429bf892
Remove obsolete option, add troubleshooting item 2018-04-29 18:34:59 -07:00
drduh 2cc0f7101e
Additional troubleshooting step and openbsd note 2018-04-29 14:50:06 -07:00
Michael Brown 17581cfd82
Remove outdated config from gpg.conf
Removing configuration paramaters no longer supported in GPG 2.X

Related to #28
2018-03-21 01:37:26 -04:00
James Wu 79dac3ec7d add explicit public key naming for IdentitiesOnly usage 2018-03-14 11:50:04 -07:00
W1lkins 9a21477481 install hopenpgp-tools as it is used in section https://github.com/drduh/YubiKey-Guide\#check-your-work where an apt-get command is listed 2018-03-03 16:12:36 +00:00
Marjan Grabowski f14d756578
Change rights of 'gpg.conf' to avoid warning 2018-02-26 10:33:42 +01:00
Nick Sandford 71b5e69cf1
Use gpgconf to get the ssh auth sock. 2018-02-25 19:43:36 +11:00
Philipp Eckel dcadfbdccd
remove not need keyserver certificate, see https://github.com/drduh/YubiKey-Guide/issues/48 2018-02-22 08:18:10 +01:00
Philipp Eckel 161dea9e92
remove outdated use-standard-socket option from SSH config, see here: https://www.gnupg.org/documentation/manuals/gnupg/Agent-Options.html 2018-01-30 22:50:47 +01:00
drduh e0430a0698
Formatting nit 2018-01-16 10:36:46 -08:00
drduh 5ecf1046a9
Formatting fix 2017-12-21 14:42:54 -08:00
kiralex 02bfc69c2a
Update README.md 2017-12-18 08:52:18 +01:00
kiralex badf3cc5d9
fix ssh-agent does not work on archlinux 2017-12-18 08:26:33 +01:00
drduh baf1e6676e
Mention ssh multiplex to ease multiple connections 2017-12-18 03:04:13 +00:00
drduh e3c0512b21
Describe status if public key not imported, fix #6 2017-12-18 02:47:07 +00:00
drduh 5d452a9190
Reference paper backup instructions, fix #3 2017-12-18 02:44:03 +00:00
drduh 6f199ec00e
Document error from Debian 9 2017-12-14 00:13:24 +00:00
drduh 7c0ea30e53
Document ssh-add error 2017-12-14 00:03:59 +00:00
Philipp Eckel 6dde3bda33
emphasize 2048 bit as the correct key size for the YubiKey Neo 2017-12-12 09:36:44 +01:00
Philipp Eckel 109de3011d
fix exporting KEYID 2017-11-10 11:26:22 +01:00
Ben Low bcada3f2cc Whitespace fixes. 2017-10-10 02:08:36 +11:00
Ben Low a010a2a752 Updated to gpg 2.2.1, and added some macOS references. 2017-10-10 01:53:19 +11:00
Aleksandr Vinokurov 9336fc1317 Replace hkt with gpg to fix unsupported GnuPG 2.1
hkt does not support GnuPG 2.1 because it expects gpg pubring.

But the export can be done by gpg itself.
2017-09-23 16:49:48 +02:00
Brendan Rius c871adc904 Make hkt respect custom $GNUPGHOME 2017-08-13 13:51:15 +02:00
Dawid Łakomski 07752240cb Add information about composite USB mode on YK with firmware >=3.3 2017-05-12 09:04:23 +02:00
drduh 1ad37577db Use require-cross-certification option. Fix #14. 2016-09-25 11:32:16 -04:00
drduh 94ada05473 Plug in YubiKey correctly. Fix #9. 2016-09-25 11:26:47 -04:00
drduh ac66a81a35 Merge pull request #24 from wsargent/patch-3
Use AES256 for private key password encryption
2016-09-25 11:23:29 -04:00
Will Sargent 8515aaf839 Use AES256 for private key password encryption
Adds 

```
s2k-cipher-algo AES256
```

to the GPG configuration, per https://pthree.org/2015/11/19/your-gnupg-private-key/

> --s2k-cipher-algo name
> Use name as the cipher algorithm used to protect secret keys. The default cipher is CAST5. This cipher is also used for symmetric encryption with a passphrase if --personal-cipher-preferences and --cipher-algo is not given.

https://www.gnupg.org/documentation/manuals/gnupg-2.0/OpenPGP-Options.html#index-s2k_002dcipher_002dalgo
2016-09-24 10:29:56 -07:00